Published: 2022/10/07  Last Updated: 2022/10/07

Information from WESEEK, Inc.

Vulnerability ID:JVN#00845253
Title:Growi vulnerable to improper access control

This is a statement from the vendor itself with no modification by JPCERT/CC.

We have discovered that a vulnerability exists in the GROWI system provided by our company.

[Affected Products]
The affected products are as follows
Product name: GROWI
Affected version: v5.1.4
- v5 series versions prior to v5.1.4
- v4 versions prior to v4.5.25

GROWI is vulnerable to an access restriction failure.

There is a risk that information on private pages could be viewed by users in the same system who do not have access privileges to the page in question.

- If you are using v5 series, please update to v5.1.4 or later.
- If you are using v4 series, please update to v4.5.25 or later.

[Where to get the updated version]
- [GitHub](
- [Docker Hub](

update history